Why does Mt Gox disallow YubiKeys purchased direct from Yubikey.com?

7

4

I have several Yubikeys and would like to use one or more with MtGox.... however it seems that I can only use keys purchased from Mt Gox on their site.

  • Why did Mt Gox choose to implement security this way?

  • Suppose I'm creating my own secure website based on Yubikey.. what are the conditions that I would choose to implement a "closed" system like this (and not allow other Yubikeys)?

I asked Mt Gox support this very question and all they told me was:

Hello, Thank you for the email. Please note that the yubikeys has to be pre-configured with our systems, so unfortunately it is not possible to add yubikeys that are purchased outside. Thanks, MtGox.com Team

... so I'm hoping to get a better understanding on why this choice was made.

goodguys_activate

Posted 2013-01-18T16:09:24.117

Reputation: 11 898

Without speculation, only MtGox can answer that question definitively.Colin Dean 2013-01-18T16:20:51.373

Answers

16

Properties of a yubikey:

  • A yubikey contains a secret symmetric key.
  • Knowledge of this key allows emulating that yubikey.

  • The server needs to know that key.

  • The YubiKey AES Key information can never be extracted from a YubiKey device – only programmed to it

So Mt.Gox's insistence on sending the key to you ensures several important properties:

  • You're not tempted to use the same key to authenticate to other websites, which would allow those websites to break into your Mt.Gox account
  • You don't need to send the key to the Mt.Gox server through your potentially insecure computer
  • Nobody but Mt.Gox knows the key stored in your yubikey

So pre-programming yubikeys and sending them to you only after the key was programmed into the device rules out several possible threats, and thus seems reasonable risk management.

CodesInChaos

Posted 2013-01-18T16:09:24.117

Reputation: 860

1YubiKeys can hold two profiles, one activated with a short button press and one with a longer button press. They could program the YubiKey such that their profile is locked but you can program the other profile so you could still use the YubiKey for other accounts. Though there would always be a risk that you'd get the button press length wrong and send a live Gox authorization to some other site.David Schwartz 2013-04-09T22:44:31.050

This answer is incorrect. Yubikeys direct from the factory are compatible with YubiCloud. Using them with a website does not require the website to have knowledge of the private key. None of the three risks you list are actual risks.

The only reason to actually do this is to avoid outages when YubiCloud goes down, but uptime on YubiCloud is very good as the service is very simple (validate signature, increment counter). – STRML 2018-04-03T21:55:17.613

@Lohoris Wouldn't that require loading a new AES Key, and thus invalidating that key for Mt.Gox use?CodesInChaos 2013-01-27T12:49:25.263

@CodesInChaos oh, true. I'll delete my wrong suggestion.o0'. 2013-01-27T12:52:00.157

4

The only problem with this is that someone at Mt. Gox could potentially know or discover the symmetric key for the YubiKey you purchased through them. The keys loaded onto YubiKeys purchased directly from Yubico are neither available to Yubico employees nor to you, the user, and are stored securely with Yubico via their YubiHSM devices. Mt. Gox may be using similar hardware to secure the keys for their YubiKeys, but we don't know how securely their YubiKeys are programmed or exactly how the keys are stored by Mt. Gox. Without this knowledge, which we have with reasonable certainty in the case of YubiKeys straight from Yubico, we can assume that the YubiKeys sold my Mt. Gox are either as secure as those sold by Yubico or less secure.

My thought is that Mt. Gox insists on programming their branded YubiKeys themselves so that they do not depend on Yubico's YubiCloud service for their customers' ability to authenticate with their servers. Right now, YubiCloud authentication is free, and Yubico offers a paid option that guarantees YubiCloud uptime and availability, but IMHO the SLA price is high (right now $3/YubiKey/year). This way, Mt. Gox can take it upon themselves to guarantee availability of the YubiKey authentication service and not depend on Yubico at all.

I agree that it would be nice if we could use our own (non-MtGox-branded) YubiKeys with their service. One of the problems with regular old passwords is that you have to have so many of them to make sure that the compromise of one doesn't affect all the others. Strong two-factor authentication devices like YubiKeys were supposed to partially solve this problem, but now we're seeing an increasing number of services that require you to purchase a specially-branded YubiKey to work with their servers. The resulting keychainfull of YubiKeys is arguably worse (and definitely more expensive) than a USB drive full of passwords.

Brian Burns

Posted 2013-01-18T16:09:24.117

Reputation: 41

"The resulting keychainful of USB keys" ... I'm starting to see that and asked a similar/related question here http://security.stackexchange.com/q/26261/396

goodguys_activate 2013-01-27T15:18:41.477

0

You might be able to reprogram a Mt. Gox Yubikey with ykpers or the gui version, but then it probably won't work with Mt. Gox.

UPDATE: After following the instructions here, I discovered the Mt. Gox Yubikey is protected by a "configuration protection access code."

From the manual:

Protection of the key and configuration data

Given the symmetric nature of the AES encryption algorithm, the security of the Yubikey relies that the AES key is logically and physically protected both in the key and in the server that verifies the OTP.

The configuration data is updated via a configuration API, accessible via the USB interface. To prevent unauthorized update, the configuration can be protected by a 48-bit access code. If used, an exhaustive search of all combinations would typically take some 100,000 years to perform. Furthermore, the Yubikey configuration data is write-only, i.e. configuration data and the key can only be written but not be read. This means that unauthorized update of the configuration is an act of sabotage rather than a security threat.

The configuration data is stored in a non-volatile storage integral to the microcontroller. A potential attack is to physically probe the silicon or analyze the hardware behavior to potentially gain full or partial knowledge of the stored secrets. However, such an attack would require a complete break-up of the Yubikey, involving dissolving the microcontroller chip encapsulation. Furthermore, very advanced equipment is needed to probe the chip internals. Given the effort and costs involved for such an attack, this is not considered a threat given that just a single device will be broken.

So it should still be possible to "sabotage" a Mt. Gox Yubikey, no?

Hopefully the above description of how the Mt. Gox Yubikeys work helps you see why they can't use non-Mt. Gox Yubikeys: the "configuration protection access code" would no longer be Mt. Gox's secret.

Geremia

Posted 2013-01-18T16:09:24.117

Reputation: 3 665

Asked: 2013-01-18T16:09:24.117

Viewed: 4 719 times

Active: 2013-06-21T06:19:23.317